Purpose: This role contributes to the development of the IT organization's security strategy and technical activities to implement and manage security infrastructure and processes in close partnership with the Deputy CISO. The role is part of a diverse team of highly technical engineers who work to accomplish organizational goals. This role must have a strong technical background, as well as an ability to work with IT, Risk and operational leadership staff members to help align priorities to key business objectives. Responsibilities also include assessing technical compliance of Information Services policies, standards, and strategies defined by the Chief Information Security Officer (CISO).
This role collaborates with the Deputy CISO and the CISO to develop and maintain the Information Security strategy, roadmap, and architecture in alignment with business objectives and serve as an interface between strategic and tactical risk activities and the work of the technology-focused staff within the Information Security organization.
Major Accountabilities:
Planning:
- Provide requirements and strategy input to continue the maturation of the Security Engineering function within the Information Security department.
- Maintain the department's information security risk profile and key activities schedule, which includes security threat and vulnerability analysis, reviews and audits of application and server compliance to configuration baselines, and control validation for key service assets.
- Lead the process of gathering, analyzing, and assessing the current and future security threat landscape; provide IT Risk and Compliance with a realistic overview of security risks and threats in the enterprise environment.
- Serve as the senior team member on a staff of information security engineering professionals; collaborate and share leadership skills, support development programs for team members, and contribute to a high performing team culture.
- Maintain relationships in the security technology industry to stay current on evolving technologies enabling effective and efficient solution delivery.
Security Engineering:
- Member of the Information Security Engineering team responsible for ongoing security activities and projects related to the detection, analysis, containment, and eradication of security vulnerabilities that impact the availability, integrity, and confidentiality of Bank information.
- Provide security expertise for key processes supporting information security activities including systems administration, change management, quality assurance, software development, risk gap analysis, technology evaluation and enhancements, and architecture and design.
- Work with business unit stakeholders and with architecture and operations teams in researching, evaluating, designing, and testing, or recommending and planning the transition and implementation of new or updated information security technology and services to:
  - ensure solutions and service levels are aligned with security policies and standards and legal, regulatory, and audit requirements;
  - analyze impact on existing security controls environment and standards;
  - provide technical and managerial expertise for the administration of security tools.
- Participate in the execution of periodic security risk assessments and initiate any corrective actions that are needed.
Skills/Knowledge:
Required
- Bachelor's degree in computer science or the equivalent work experience is required.
- Five years or more prior work experience in information security is required.
- Must have a working knowledge of information management systems: networking, operating systems, database management systems, user identity and access control systems, firewalls and intrusion detection systems, and security monitoring and reporting systems.
- Must have working knowledge of security vulnerability detection tools and processes.
- Must have working knowledge of incident response techniques and vulnerability remediation.
- Must have experience with security architecture design and management.
- Must have experience with common information security management frameworks.
- Must have threat intelligence and analysis experience.
- Ability to operate effectively in a highly collaborative, heavily regulated technical team comprised of a staff with diverse mindsets and cultural backgrounds.
- Strong interpersonal communication, analysis, and writing skills.
- Strong soft skills are required, including the ability to work effectively with business unit managers and IS engineering and IS operations staff, and the ability to effectively navigate and be a leader in a matrix environment.
Preferred
- Experience in financial or banking services industry highly desirable.
- Information security certifications, such as CISSP, CISM, or equivalent preferred. Information systems auditing certification such as CISA or GISA is highly desirable.
- Experience developing and maintaining information security policies, standards, processes, guidelines, and procedures for financial services preferred.
SALARY RANGE: $195K - $210K
The Federal Home Loan Bank of San Francisco is an Equal Employment Opportunity employer and is committed to a diverse workforce. We value and actively seek to recruit, develop, and retain individuals with varied backgrounds and experiences reflecting the full diversity of the communities that we serve. It is the policy of the Bank to comply with all applicable laws concerning the employment of persons with disabilities.
Salary ranges reflect the base salary that the Bank reasonably expects to pay for a given role and are not inclusive of annual incentive award opportunities, retirement benefits or the value of other health and welfare or other ancillary benefits. We consider many factors when determining base salaries such as individual background and experience, the competitive environment, education, particular skill set(s), and industry and institutional knowledge.
The Bank is committed to offering all team members challenging and engaging work with market competitive pay, retirement, and benefit offerings. In support of this commitment, the Bank routinely engages in market competitive benchmarking surveys and analysis to ensure our team members continue to be paid fairly and competitively.